Cookie-based session and session with cookie-disabled

Session Introduction

1. The role of the session
   It is a solution that maintains state between the client and the server, which uses the session information (UID, etc.) for subsequent requests by the browser to obtain and modify the value of the variable. Together with a cookie to identify the same customer.
2. When the session is created
   When the client accesses the server for the first time, the session is created and assigned a unique session_id, and the session_id is passed into the client cookie, keeping the client consistent with the server-side session_id.
3. How do I confirm a user? Effective time of Session
   When the user accesses the browser again, the session_id is passed through the cookie and the server will confirm the user with the seesion_id and retrieve the reply message. But session reply is temporary, when the user closes the browser, or does not operate for a long time, the current session will be invalidated, when the user accesses the browser again, reassign session_id

The above is a cookie-based session, when the cookie is disabled, the effect is completely different.

The session under PHP

To use open a session, PHP provides a function session_start () to see the explanation of this function:

boolvoid )

Session_Start () creates a new session or reuses existing sessions. If you submit a session ID by either a GET or POST, or by using a cookie, the existing session is reused.

Cookie-based session

Example: Suppose there are two sections of code page1.php and page2.php

page1.php

session_start();$_SESSION["fuck"]="fuck";

page2.php

session_start();echo$_SESSION["fuck"]."<br>";

We'll go to page1.php first, and then we'll go to page2.php, which will output fuck. Why is it?
The first thing to say is that the same browser uses the same cookie when accessing the same site , and when we first visit page1.php, the session_id is stored in the cookie, The next time we visit page2.php, we pass the session_id over and see the explanation of the session_start () function, using a cookie to submit the session ID, the existing session is reused. that they have the same answer, so the output fuck

Prohibit cookies

We will disable the browser cookie to see what effect it will have.
1. Before disabling, we output session_id in page1.php, we find how to brush this session_id will not change, this is because we pass the cookie to the server-side verification, session_id error, so it does not change
2. After the page1.php, after each refresh, the session_id will change, the principle is clear, the cookie is disabled, session_id cannot pass, the server thought you this session_id invalid, So I'm going to reassign a session_id to you every time.
3. Then go to visit page2.php, and there will be no output

How to share a session after a cookie is banned

1. Pass the URL parameter and embed the session_id directly into the URL. Add session_id ($session _id) before Session_Start () to enable session sharing
2. Writing session information to a file
3. Session sharing via Memcache
4. Save session to database for sharing

Session Contribution Reference:
http://blog.163.com/zeng_dili/blog/static/175459672010514352830/

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Cookie-based session and session with cookie-disabled